David Mehren
c7dd942c1f
refactor(auth-token): rename lastUsed to lastUsedAt
...
This is part of an effort to name all date attributes
consistently.
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:04:53 +01:00
Yannick Bungers
9ecf7ba2be
Merge pull request #1935 from hedgedoc/feature/verify-password-change
2022-01-04 10:36:09 +01:00
David Mehren
745a1078f1
Merge pull request #1827 from hedgedoc/enhancement/lazy_load_relations
2022-01-03 19:51:39 +01:00
Erik Michelson
eda6835403
feat(auth): password change requires old password
...
By checking the "old" password of the user prior to a password change, the
password change function is more secure against abuse.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 02:09:05 +01:00
David Mehren
3e074d1879
fix(auth): use sha-512 for auth tokens
...
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.
SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile
Fixes https://github.com/hedgedoc/hedgedoc/issues/1881
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-13 22:44:38 +01:00
David Mehren
3c0c11e3d4
refactor(note): lazy-load relations
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-13 21:45:03 +01:00
Philip Molares
16cd42f197
test: fix note e2e test 'fails with non-existing alias'
...
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
Philip Molares
40e8acb6bb
test: fix note e2e test 'fails, when user can't read note'
...
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
Philip Molares
d716873af2
test: fix test name in alias.e2e-spec.ts
...
This seems to be a copy/paste bug
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:06:41 +01:00
David Mehren
9c08ff94fe
fix(note): fix type for owner param
...
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:46:04 +01:00
Philip Molares
d5c77613bb
test(private-api): fix aliases expect
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-11 22:07:20 +01:00
David Mehren
ef2e90da20
Add E2E tests for login and registration
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-28 10:19:48 +02:00
David Mehren
5a16047f50
AuthController: Return 409 Conflict when user already exists
...
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-28 10:18:05 +02:00
David Mehren
3560d82c44
TestSetup: Initialize full app and session middleware
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-28 10:18:05 +02:00
David Mehren
691152579b
Update API routes in private API E2E tests
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
c6cac58a67
Update API routes in public API E2E tests
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
4428f3fb39
Separate private and public API in TestSetup
...
Including both PublicApiModule and PrivateApiModule in the test setup
led to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
0bb333ca69
Migrate private history API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
209a9b93a6
Migrate private me API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
ddaeb4fc66
Migrate private media API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:02 +02:00
David Mehren
9489fbaa79
Migrate private notes API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:52:41 +02:00
David Mehren
8a640f6be9
Migrate public alias API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:52:41 +02:00
David Mehren
cddd28f082
Migrate public me API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:52:38 +02:00
David Mehren
5b2b2e9a44
Migrate public media API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:57 +02:00
David Mehren
9539581219
Migrate public notes API E2E test to global TestSetup
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:57 +02:00
David Mehren
046607f1e5
Move common test preparations into TestSetup class
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:57 +02:00
David Mehren
ade58e3ca1
Move tsconfig.test.json to test directory
...
WebStorm does not support typescript.*.json files,
but always uses the nearest tsconfig.json.
Moving the test-specific tsconfig into the test folder allows WebStorm
to use the correct config for the E2E-tests and
stops it from showing unnecessary errors.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:57 +02:00
Alexandru Văleanu
b3d3015ce7
Add delete media in private API (#1736)
...
Adds the missing API route of deleting media in the private API.
2021-10-18 20:00:28 +02:00
Yannick Bungers
d33cfa4541
fix username spelling from userName
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:54:00 +02:00
Yannick Bungers
141b1bf5e8
Add e2e tests for tokens
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:54:27 +02:00
Yannick Bungers
276d423ee2
Fix tests with using sessions in e2e tests of private api
...
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:54:27 +02:00
Philip Molares
9f38b9036c
test: fix e2e tests to handle the new aliases
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:45 +02:00
Philip Molares
67baa51b93
feat: add auth e2e tests
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Abhilasha Sinha
9d6aa10923
Add new API to purge note history #1064
...
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
Combine the describe block
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
Fix naming
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
Rename purgeRevision to purgeRevisions
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
Fix notes e2e test description
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
Add yarn.lock
Fix lint and format
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-09-07 21:23:26 +05:30
David Mehren
7c618e7f9f
Merge pull request #1613 from hedgedoc/merge/tokenGuardAndStrategy
2021-09-06 12:12:44 +02:00
David Mehren
5c7a787d7e
MediaService: Refactor saveFile
...
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
b552fc10b6
HistoryService: Refactor deleteHistoryEntry
...
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
99db4bc336
UserService: Improve method naming
...
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
f667410b51
Public API: Test that forbidden notes can't be accessed
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
Philip Molares
c22727dad7
refactor: move TokenAuthGuard in the same file as TokenStrategy
...
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:09:17 +02:00
David Mehren
bcc9ec9c75
Enforce import order with prettier
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
David Mehren
392653607d
[E2E tests] Don't use hardcoded service tokens
...
The DI tokens for services seem to have changed with NestJS 8.
As we can also use the class object instead of a hardcoded token,
this commit replaces the tokens accordingly.
Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:30:51 +02:00
Philip Molares
fb79f44b1f
chore(test): Change test to work with publicId
...
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-17 20:27:44 +02:00
David Mehren
e4317725cd
Format with Prettier 2.3
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-15 21:13:44 +02:00
David Mehren
b518583fd2
E2E Tests: Fix ESLint errors
...
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:31 +02:00
David Mehren
7adbc72a5f
Merge pull request #1130 from hedgedoc/history/transaction
2021-05-02 18:15:05 +02:00
Philip Molares
2ba1be6ea3
PrivateHistoryE2E: Extend POST /me/history
...
Test the correct behaviour in error cases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:09:16 +02:00
David Mehren
5e61de9bd5
Use node12 TypeScript base config
...
TypeScript recommends using a base config from https://github.com/tsconfig/bases.
Using this config reduces compile times by ~30%
and the size of the dist folder by ~45%.
It also enables the recommended `esModuleInterop` option,
which necessitated some changes to imports.
See also https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#support-for-import-d-from-cjs-from-commonjs-modules-with---esmoduleinterop
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:55:01 +02:00
Yannick Bungers
0bad4827bf
Merge pull request #1179 from hedgedoc/util/replaceNull
2021-04-25 21:03:45 +02:00
Philip Molares
38ab6dc27b
NotesE2ETest: Changed test for title and description
...
They should not return null and that's correctly tested now.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-24 21:33:47 +02:00